New Unisoc chipset vulnerability could allow remote denial of network services

Check Point Research, a cyber security research firm has recently published its findings on a new vulnerability discovered in the baseband processor of Unisoc chipsets. Simply put, the vulnerability affects the network modem that is part of the chipset and responsible for network connectivity. It could theoretically allow an attacker to send a corrupted network packet and disable or interrupt the device's network connectivity. As far as we know, that's the extent to which the vulnerability can be used so far.

We also can't be sure just how many Unisoc chipsets are susceptible to this sort of attack. Check Point Research discovered the vulnerability by reverse engineering the LTE protocol stack implementation on a Unisoc T700 chip inside a Motorola Moto G20 phone (XT2128-2) with a January 2022 security patch installed.

However, what is known is that, as per standard procedure in these sorts of cases, Check Point Research informed Unisoc of the findings back in May before publishing them publicly. The findings were confirmed, and the Unisoc team marked the vulnerability as critical with a 9.4 rating and created a fix that Google has already confirmed will be part of the new Android Security Bulletin. That essentially means that any affected users can expect the fix to arrive in the next Android security patch for their device.

Unfortunately, there isn't anything else users can do before that happens. And there is no specific timeline either since security updates are dependent on manufacturer and often carrier schedules. Seeing how most devices powered by Unisoc chips are more affordable and hence tend to receive less frequent support, this vulnerability could be around for quite some time. Thankfully, at least, it seems like any large-scale denial of service and potential damages that might follow is an unlikely scenario since it would likely require tampering with network equipment. Still, as per the source, Unisoc has 11% global market share, so this could be a very widespread concern.

Source | Via